From 20a681ca70bbeb59ea26c1bbbbe5cb8f1de0db68 Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:26:18 -0600 Subject: [PATCH 01/13] updated readme docs --- README.md | 13 ++++++--- terraform/aws/README.md | 63 +++++++++++++++++++++++++++++++++++++++-- 2 files changed, 70 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1dda50d..996b206 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,18 @@ # 3Edges Deployment -This repository contains Terraform scripts to deploy the 3Edges software across cloud provider. These scripts automate the infrastructure setup, ensuring a seamless deployment process of 3Edges into your cloud environment. +This repository contains Terraform scripts to deploy the 3Edges software across cloud providers. These scripts automate the infrastructure setup, ensuring a seamless deployment process of 3Edges into your cloud environment. + +## Table of Contents +1. [Features](#features) +2. [Customization](#customization) +3. [Deployment Documentation](#deployment-documentation) ## Features - Automated Cloud Infrastructure: Deploys and configures cloud resources for 3Edges, such as VPCs, load balancers, Kubernetes clusters, databases, and more. - Scalable and Secure: Includes cloud-native best practices for security, scalability, and reliability. -- Easy Configuration: Customize settings like region, cluster names, and database credentials through a simple configuration file (terraform.tfvars). +- Easy Configuration: Customize settings like region, cluster names, and database credentials through a simple configuration file (`terraform.tfvars`). ## Customization You can modify various settings, just to name a few: 
@@ -16,8 +21,8 @@ You can modify various settings, just to name a few: - Networking settings - Admin emails and passwords -These can be set in the ```terraform.tfvars file``` +These can be set in the `terraform.tfvars` file. ## Deployment Documentation -[AWS](terraform/aws/README.md) \ No newline at end of file +[AWS](terraform/aws/README.md) diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 5b05a87..caa1877 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md @@ -1,5 +1,23 @@ # AWS Deployment +## Table of Contents +1. [Prerequisites](#prerequisites) +2. [Configuring Domain with Route 53 Name Servers](#configuring-domain-with-route-53-name-servers) +3. [On AWS](#on-aws) + - [EC2 Instance Creation (Terraform Host)](#ec2-instance-creation-terraform-host) + - [Install Prerequisites on EC2 Instance](#install-prerequisites-on-ec2-instance) + - [Create an S3 Bucket for Terraform Statefile](#create-an-s3-bucket-for-terraform-to-store-the-statefile) + - [Create an IAM User for Terraform](#create-an-iam-user-for-terraform) + - [Attach Policies to IAM User](#attach-policies-to-iam-user) + - [Create Access Keys for IAM User](#create-access-keys-for-the-iam-user) +4. [On Terraform Host (EC2 instance)](#on-terraform-host-ec2-instance) + - [Configure AWS CLI](#configure-aws-cli) + - [Clone the GitHub Repository](#clone-the-github-repository) + - [Modify the Backend Configuration](#modify-the-backend-configuration) + - [Modify the Terraform Configuration](#modify-the-terraform-configuration) +5. [Deploy 3Edges to AWS](#deploy-3edges-to-aws) +6. [Release Notes - Post Release Actions](#release-notes---post-release-actions) + ## Prerequisites - Terraform @@ -7,6 +25,8 @@ - Docker +- kubectl + - Git - Neo4j Database access 
@@ -116,6 +136,14 @@ sudo usermod -aG docker $USER ``` **Make sure to log out and log back in or restart your terminal session for the changes to take effect** +--- +[kubectl Installation Link](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-other-package-management) + +``` +snap install kubectl --classic +kubectl version --client +``` + --- Git installation : Usually Ubuntu EC2 instance comes with git installed in the OS. In-case if its not installed run the following command ``` @@ -124,7 +152,6 @@ sudo apt-get install git git help ``` - ## Create an S3 Bucket for Terraform to store the statefile NOTE: ca-west-1 (Calgary) region is not supported as S3 Bucket Backend. Try to use ca-central-1 (Canada Central) 
@@ -285,4 +312,36 @@ After making the necessary changes, run the deployment script Once the DNS propagation is successful, open your configured domain in the browser, you will a see Login Page -![](./docs/images/login_page.png) \ No newline at end of file +![](./docs/images/login_page.png) + + +## Release Notes - Post Release Actions + +After a new release of 3Edges, follow these steps to update your deployment. This ensures that any updates to configuration, secrets, or deployments are applied to your environment. + +1. **SSH to EC2 Instance** + - Access the EC2 instance that is running as the Terraform host by connecting via SSH. + +2. **Navigate to the Repository** + - Once connected, navigate to the directory where the Git repository is located (e.g., `/home/ubuntu/3edges-deployments/`). + ```bash + cd /path/to/3edges-deployments/ + ``` + +3. **Authenticate to EKS Cluster** + - Set up the connection to the EKS cluster using the AWS CLI to manage Kubernetes resources. + ```bash + aws eks update-kubeconfig --region --name + ``` + +4. Update ConfigMaps, Secrets, and Restart Deployments + - Use ```kubectl``` commands to update ConfigMaps and Secrets with the latest values, and restart any deployments that have been updated. + ```bash + kubectl rollout restart deployment/ + ``` + +5. Run the Terraform Bash Script + - Execute the Terraform script to apply any infrastructure updates required for the release. + ```bash + terraform/aws/run.sh + ``` From 3ff1d63aa688cc910993920f560c2538ee8c7ecc Mon Sep 17 00:00:00 2001 
From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Mon, 28 Oct 2024 11:34:26 -0600 Subject: [PATCH 02/13] updated the extentions to .sample to prevent git pull overwrites --- .gitignore | 2 +- terraform/aws/{backend.tf => backend.tf.sample} | 0 terraform/aws/{terraform.tfvars => terraform.tfvars.sample} | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename terraform/aws/{backend.tf => backend.tf.sample} (100%) rename terraform/aws/{terraform.tfvars => terraform.tfvars.sample} (96%) diff --git a/.gitignore b/.gitignore index 655c4de..d7a868c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ .terraform* terraform.* -!terraform.tfvars +!terraform.tfvars.sample plan.bkp localhost/.env .vscode diff --git a/terraform/aws/backend.tf b/terraform/aws/backend.tf.sample similarity index 100% rename from terraform/aws/backend.tf rename to terraform/aws/backend.tf.sample diff --git a/terraform/aws/terraform.tfvars b/terraform/aws/terraform.tfvars.sample similarity index 96% rename from terraform/aws/terraform.tfvars rename to terraform/aws/terraform.tfvars.sample index bf5fce6..e459b9c 100644 --- a/terraform/aws/terraform.tfvars +++ b/terraform/aws/terraform.tfvars.sample @@ -87,8 +87,8 @@ ui_secret_REACT_APP_CAPTCHA_V2 = "your_captcha_v2" # Client ID for Google social authentication idp_config_SOCIAL_GOOGLE_CLIENT_ID = "your-idp-config-social-google-client-id" -# Manual 3Edges Client API deployment (true or false). Enable it to "true" only after DNS Propagation -manual_api_deployment = false +# Manual 3Edges Client API deployment (true or false) +manual_api_deployment = false # Whether the client provides their own cert (true or false) use_client_cert = false From 076f1d6f877853ac656da4e76a66f10edc2e4b40 Mon Sep 17 00:00:00 2001 
From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Mon, 28 Oct 2024 11:41:01 -0600 Subject: [PATCH 03/13] updated tags of docker images --- .../kubernetes/deployments/client/pods.tf | 10 +++++----- .../aws/modules/kubernetes/deployments/pods.tf | 18 ++++++------------ 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/terraform/aws/modules/kubernetes/deployments/client/pods.tf b/terraform/aws/modules/kubernetes/deployments/client/pods.tf index 040e31e..ddf4348 100644 --- a/terraform/aws/modules/kubernetes/deployments/client/pods.tf +++ b/terraform/aws/modules/kubernetes/deployments/client/pods.tf @@ -23,7 +23,7 @@ resource "kubernetes_deployment" "deployment_dataproxy" { spec { container { name = "${local.api_name}-proxy" - image = "indykite/3edges-dataproxy:qa" + image = "indykite/3edges-dataproxy:latest" image_pull_policy = "Always" volume_mount { @@ -84,7 +84,7 @@ resource "kubernetes_deployment" "deployment_authorization" { spec { container { name = "${local.api_name}-authz" - image = "indykite/3edges-authorization:qa" + image = "indykite/3edges-authorization:latest" image_pull_policy = "Always" volume_mount { @@ -146,7 +146,7 @@ resource "kubernetes_deployment" "deployment_authorization_csp" { spec { container { name = "${local.api_name}-authz-csp" - image = "indykite/3edges-authorization-csp:qa" + image = "indykite/3edges-authorization-csp:latest" image_pull_policy = "Always" volume_mount { @@ -207,7 +207,7 @@ resource "kubernetes_deployment" "deployment_dashboard" { spec { container { name = "${local.api_name}-dashboard" - image = "indykite/3edges-dashboard:qa" + image = "indykite/3edges-dashboard:latest" image_pull_policy = "Always" volume_mount { @@ -270,7 +270,7 @@ resource "kubernetes_deployment" "deployment_client_idp" { spec { container { name = "${local.api_name}-idp" - image = "indykite/3edges-idp:qa" + image = "indykite/3edges-idp:latest" image_pull_policy = "Always" volume_mount { 
diff --git a/terraform/aws/modules/kubernetes/deployments/pods.tf b/terraform/aws/modules/kubernetes/deployments/pods.tf index c9e79c8..a81026d 100644 --- a/terraform/aws/modules/kubernetes/deployments/pods.tf +++ b/terraform/aws/modules/kubernetes/deployments/pods.tf @@ -23,8 +23,7 @@ resource "kubernetes_deployment" "deployment_configuration" { spec { container { name = "configuration" - # image = "indykite/3edges-configuration:latest" - image = "indykite/3edges-configuration:qa" + image = "indykite/3edges-configuration:latest" image_pull_policy = "Always" env_from { @@ -71,8 +70,7 @@ resource "kubernetes_deployment" "deployment_dataloader_ui" { spec { container { name = "dataloader-ui" - # image = "indykite/3edges-webloader:latest" - image = "indykite/3edges-webloader:qa" + image = "indykite/3edges-webloader:latest" image_pull_policy = "Always" env_from { @@ -113,8 +111,7 @@ resource "kubernetes_deployment" "deployment_dataloader" { spec { container { name = "dataloader" - # image = "indykite/3edges-dataloader:latest" - image = "indykite/3edges-dataloader:qa" + image = "indykite/3edges-dataloader:latest" image_pull_policy = "Always" env_from { @@ -161,8 +158,7 @@ resource "kubernetes_deployment" "deployment_cluster" { spec { container { name = "cluster" - # image = "indykite/3edges-cluster:latest" - image = "indykite/3edges-cluster:qa" + image = "indykite/3edges-cluster:latest" image_pull_policy = "Always" env_from { @@ -210,8 +206,7 @@ resource "kubernetes_deployment" "deployment_idp" { spec { container { name = "idp" - # image = "indykite/3edges-idp:latest" - image = "indykite/3edges-idp:qa" + image = "indykite/3edges-idp:latest" image_pull_policy = "Always" env_from { @@ -258,8 +253,7 @@ resource "kubernetes_deployment" "deployment_ui" { spec { container { name = "ui" - # image = "indykite/3edges-ui:latest" - image = "indykite/3edges-ui:qa" + image = "indykite/3edges-ui:latest" image_pull_policy = "Always" env_from { 
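Review bot: every `image =` line changed in PATCH 03/13 (five in deployments/client/pods.tf, six in deployments/pods.tf) now points at the mutable `:latest` tag while `image_pull_policy = "Always"` stays in place, so any pod restart can pull a different build than the one that was running when Terraform applied, and the configuration no longer records which version is deployed. Pin each image to a release tag or an `@sha256:` digest, preferably through one variable so a release changes a single value instead of eleven lines.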
From 7c132b3bbf30da29899b961dbeddf14eeb44cebc Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Mon, 28 Oct 2024 14:12:38 -0600 Subject: [PATCH 04/13] updated docs to add terraform destroy and release notes --- terraform/aws/README.md | 44 +++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/terraform/aws/README.md b/terraform/aws/README.md index caa1877..2174aec 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md @@ -16,7 +16,8 @@ - [Modify the Backend Configuration](#modify-the-backend-configuration) - [Modify the Terraform Configuration](#modify-the-terraform-configuration) 5. [Deploy 3Edges to AWS](#deploy-3edges-to-aws) -6. [Release Notes - Post Release Actions](#release-notes---post-release-actions) +6. [Decommission the 3Edges deployment](#decommission-the-3edges-deployment) +7. [Release Notes - Post Release Actions](#release-notes---post-release-actions) ## Prerequisites - Terraform 
@@ -283,22 +284,19 @@ Clone the repository containing the Terraform configuration: ## Modify the Backend Configuration -Update the `backend.tf` file with your S3 bucket details +Rename backend.tf.sample to backend.tf. Update the `backend.tf` file with your S3 bucket details ``` -3edges-deployments/terraform/aws/backend.tf +cp /path/to/3edges-deployments/terraform/aws/backend.tf.sample /path/to/3edges-deployments/terraform/aws/backend.tf ``` ## Modify the Terraform Configuration -Update the `terraform.tfvars` file with your environment details +Rename terraform.tfvars.sample to terraform.tfvars. Update the `terraform.tfvars` file with your environment details ``` -3edges-deployments/terraform/aws/terraform.tfvars +cp /path/to/3edges-deployments/terraform/aws/terraform.tfvars.sample /path/to/3edges-deployments/terraform/aws/terraform.tfvars ``` -If you are deploying 3Edges on a sub-domain - -1. Make sure you have Route53 record for your root domain and Nameservers added to your Domain Controller. ## Deploy 3Edges to AWS @@ -309,11 +307,25 @@ After making the necessary changes, run the deployment script # ./run.sh ``` - Once the DNS propagation is successful, open your configured domain in the browser, you will a see Login Page ![](./docs/images/login_page.png) +## Decommission the 3Edges deployment + +Warning: Running terraform destroy is a destructive operation that will permanently delete all resources created by your Terraform configuration. Use this command with caution, and ensure you have backups or snapshots of any critical data before proceeding. + +#### Destroy Terraform-managed Resources + +Run the following command to remove all resources defined in the Terraform state. Double-check that you are in the correct environment before executing this command. + +```bash + cd /path/to/3edges-deployments/terraform/aws + + terraform destroy +``` + +When prompted, confirm the destruction process by typing "yes." ## Release Notes - Post Release Actions 
@@ -327,21 +339,27 @@ After a new release of 3Edges, follow these steps to update your deployment. Thi ```bash cd /path/to/3edges-deployments/ ``` +3. **Pull the latest changes** + - Fetch the most recent updates from the Git repository to ensure you have the latest code, configurations, and scripts + ```bash + git pull origin main + ``` -3. **Authenticate to EKS Cluster** +4. **Authenticate to EKS Cluster** - Set up the connection to the EKS cluster using the AWS CLI to manage Kubernetes resources. ```bash aws eks update-kubeconfig --region --name ``` -4. Update ConfigMaps, Secrets, and Restart Deployments +5. Update ConfigMaps, Secrets, and Restart Deployments - Use ```kubectl``` commands to update ConfigMaps and Secrets with the latest values, and restart any deployments that have been updated. ```bash kubectl rollout restart deployment/ ``` -5. Run the Terraform Bash Script +6. Run the Terraform Bash Script - Execute the Terraform script to apply any infrastructure updates required for the release. ```bash - terraform/aws/run.sh + cd /path/to/3edges-deployments/terraform/aws + ./run.sh ``` From d01a6ce59e911ea8c5a1576b913e767cdf428c22 Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Wed, 30 Oct 2024 13:54:30 -0600 Subject: [PATCH 05/13] added release docs --- terraform/aws/README.md | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 2174aec..32aa818 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md 
@@ -344,22 +344,27 @@ After a new release of 3Edges, follow these steps to update your deployment. Thi ```bash git pull origin main ``` +4. Run the Terraform Bash Script + - Execute the Terraform script to apply any infrastructure updates required for the release. + ```bash + cd /path/to/3edges-deployments/terraform/aws + ./run.sh + ``` -4. **Authenticate to EKS Cluster** +5. **Authenticate to EKS Cluster** - Set up the connection to the EKS cluster using the AWS CLI to manage Kubernetes resources. ```bash aws eks update-kubeconfig --region --name ``` -5. Update ConfigMaps, Secrets, and Restart Deployments +6. Update ConfigMaps, Secrets, and Restart Deployments - Use ```kubectl``` commands to update ConfigMaps and Secrets with the latest values, and restart any deployments that have been updated. ```bash kubectl rollout restart deployment/ ``` -6. Run the Terraform Bash Script - - Execute the Terraform script to apply any infrastructure updates required for the release. - ```bash - cd /path/to/3edges-deployments/terraform/aws - ./run.sh - ``` +7. Monitor if the restart of the deployment, pods was successful + ```bash + kubectl get all -n 3edges + ``` + From ec0393e6a4419559618a49beb564e57bd85a88c7 Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Wed, 30 Oct 2024 14:15:07 -0600 Subject: [PATCH 06/13] added namesapce to readme --- terraform/aws/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 32aa818..2c57df6 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md 
@@ -360,7 +360,7 @@ After a new release of 3Edges, follow these steps to update your deployment. Thi 6. Update ConfigMaps, Secrets, and Restart Deployments - Use ```kubectl``` commands to update ConfigMaps and Secrets with the latest values, and restart any deployments that have been updated. ```bash - kubectl rollout restart deployment/ + kubectl rollout restart deployment/ -n 3edges ``` 7. Monitor if the restart of the deployment, pods was successful From ce0f0aa5b10caa2ce8103bae63ff79b7ea25a6ff Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Wed, 30 Oct 2024 14:26:21 -0600 Subject: [PATCH 07/13] updated README.md --- terraform/aws/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 2c57df6..5f2b5ca 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md @@ -363,7 +363,7 @@ After a new release of 3Edges, follow these steps to update your deployment. Thi kubectl rollout restart deployment/ -n 3edges ``` -7. Monitor if the restart of the deployment, pods was successful +7. Monitor the deployment to ensure that all pods are successfully running, confirming a stable and operational environment. ```bash kubectl get all -n 3edges ``` From a7f91de856ae1652f459e5799ac1d9590b68a3c1 Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Thu, 14 Nov 2024 16:57:01 -0700 Subject: [PATCH 08/13] updated maintf and variabletf --- terraform/aws/main.tf | 1 + terraform/aws/modules/cluster/main.tf | 5 ++++ terraform/aws/modules/cluster/variables.tf | 2 ++ terraform/aws/modules/kubernetes/main.tf | 11 +++++++ terraform/aws/modules/kubernetes/variables.tf | 4 ++- terraform/aws/modules/vpc/main.tf | 30 ++++++++++++++++++- terraform/aws/modules/vpc/outputs.tf | 14 +++++++++ 7 files changed, 65 insertions(+), 2 deletions(-) 
diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 72a6576..6544c87 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -23,6 +23,7 @@ module "cluster" { source = "./modules/cluster" eks_cluster = var.eks_cluster eks_node_group = var.eks_node_group + eks_security_group_id = module.vpc.eks_security_group_id eks_subnet = module.vpc.eks_subnet iam_role_arn = module.iam.iam_role_arn aws_iam_role = module.iam.aws_iam_role diff --git a/terraform/aws/modules/cluster/main.tf b/terraform/aws/modules/cluster/main.tf index 738af1e..7c0a050 100644 --- a/terraform/aws/modules/cluster/main.tf +++ b/terraform/aws/modules/cluster/main.tf @@ -4,6 +4,7 @@ resource "aws_eks_cluster" "eks_cluster" { vpc_config { subnet_ids = var.eks_subnet[*].id + security_group_ids = [var.eks_security_group_id] } timeouts { @@ -50,6 +51,7 @@ resource "aws_eks_node_group" "eks_node_group" { resource "aws_eks_addon" "vpc_cni" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "vpc-cni" + # addon_version = data.aws_eks_addon_version.latest.version # addon_version = "v1.18.1-eksbuild.3" # addon_version = "v1.18.5-eksbuild.1" @@ -62,6 +64,7 @@ resource "aws_eks_addon" "vpc_cni" { resource "aws_eks_addon" "kube_proxy" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "kube-proxy" + # addon_version = data.aws_eks_addon_version.latest.version # addon_version = "v1.30.0-eksbuild.3" # addon_version = "v1.31.0-eksbuild.5" @@ -75,6 +78,7 @@ resource "aws_eks_addon" "kube_proxy" { resource "aws_eks_addon" "eks_pod_identity" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "eks-pod-identity-agent" + # addon_version = data.aws_eks_addon_version.latest.version # addon_version = "v1.3.0-eksbuild.1" depends_on = [ 
@@ -87,6 +91,7 @@ resource "aws_eks_addon" "eks_pod_identity" { resource "aws_eks_addon" "coredns" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "coredns" + # addon_version = data.aws_eks_addon_version.latest.version # addon_version = "v1.11.1-eksbuild.9" # addon_version = "v1.11.3-eksbuild.1" diff --git a/terraform/aws/modules/cluster/variables.tf b/terraform/aws/modules/cluster/variables.tf index bdc1255..16adb9b 100644 --- a/terraform/aws/modules/cluster/variables.tf +++ b/terraform/aws/modules/cluster/variables.tf @@ -4,6 +4,8 @@ variable "eks_subnet" { type = list(any) } +variable "eks_security_group_id" {} + variable "eks_node_group" {} variable "iam_role_arn" {} diff --git a/terraform/aws/modules/kubernetes/main.tf b/terraform/aws/modules/kubernetes/main.tf index 83a3100..cc1c3d8 100644 --- a/terraform/aws/modules/kubernetes/main.tf +++ b/terraform/aws/modules/kubernetes/main.tf @@ -79,6 +79,11 @@ resource "helm_release" "ingress_nginx" { value = "LoadBalancer" } + # set { + # name = "alb.ingress.kubernetes.io/security-groups" + # value = var.nlb_security_group_id + # } + depends_on = [var.aws_eks_node_group_eks_node_group] } @@ -159,6 +164,12 @@ resource "helm_release" "cert_manager" { depends_on = [helm_release.ingress_nginx, kubernetes_namespace.cert_manager_namespace] } +# module "vpc" { +# source = "../vpc" +# nlb_security_group_id = module.vpc.nlb_sg_id +# } + + module "deployments" { source = "./deployments" cert_manager = kubernetes_namespace.cert_manager_namespace.metadata[0].name diff --git a/terraform/aws/modules/kubernetes/variables.tf b/terraform/aws/modules/kubernetes/variables.tf index e8b4636..217c69c 100644 --- a/terraform/aws/modules/kubernetes/variables.tf +++ b/terraform/aws/modules/kubernetes/variables.tf 
@@ -427,4 +427,6 @@ variable "client_key_file" {} variable "aws_lb_nginx_load_balancer_zone_id" {} -variable "aws_lb_nginx_load_balancer_dns_name" {} \ No newline at end of file +variable "aws_lb_nginx_load_balancer_dns_name" {} + +# variable "nlb_security_group_id" {} \ No newline at end of file diff --git a/terraform/aws/modules/vpc/main.tf b/terraform/aws/modules/vpc/main.tf index ca0d558..fae4a51 100644 --- a/terraform/aws/modules/vpc/main.tf +++ b/terraform/aws/modules/vpc/main.tf @@ -67,4 +67,32 @@ resource "aws_security_group_rule" "eks_inbound_rule" { cidr_blocks = ["0.0.0.0/0"] security_group_id = aws_security_group.eks_security_group.id -} \ No newline at end of file +} + + +# # This security group is for NLB +# resource "aws_security_group" "nlb_security_group" { +# vpc_id = aws_vpc.eks_vpc.id + +# egress { +# from_port = 0 +# to_port = 0 +# protocol = "-1" +# cidr_blocks = ["0.0.0.0/0"] +# } + +# tags = { +# # Name = var.eks_security_group +# Name = "NLB security group" +# } +# } + +# resource "aws_security_group_rule" "nlb_inbound_rule" { +# type = "ingress" +# from_port = 443 +# to_port = 443 +# protocol = "tcp" +# cidr_blocks = ["0.0.0.0/0"] + +# security_group_id = aws_security_group.nlb_security_group.id +# } \ No newline at end of file diff --git a/terraform/aws/modules/vpc/outputs.tf b/terraform/aws/modules/vpc/outputs.tf index 96d100c..813b6c2 100644 --- a/terraform/aws/modules/vpc/outputs.tf +++ b/terraform/aws/modules/vpc/outputs.tf @@ -1,3 +1,17 @@ output "eks_subnet" { value = tolist(aws_subnet.eks_subnet) } + +# output "vpc_id" { +# value = aws_vpc.eks_vpc.id +# } + +# # NLB Security Group ID +# output "nlb_sg_id" { +# value = aws_security_group.nlb_security_group.id +# } + + +output "eks_security_group_id" { + value = aws_security_group.eks_security_group.id +} \ No newline at end of file From adf7664e0374033ad62e4c33198ca17e969dc314 Mon Sep 17 00:00:00 2001 
From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:18:13 -0700 Subject: [PATCH 09/13] support for sg in NLB --- terraform/aws/main.tf | 1 + terraform/aws/modules/kubernetes/data.tf | 1 + terraform/aws/modules/kubernetes/main.tf | 38 ++++++++++++++++--- terraform/aws/modules/kubernetes/variables.tf | 2 +- terraform/aws/modules/vpc/main.tf | 2 +- terraform/aws/modules/vpc/outputs.tf | 2 +- terraform/aws/variables.tf | 8 +++- 7 files changed, 45 insertions(+), 9 deletions(-) diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 6544c87..fa4499d 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -45,6 +45,7 @@ module "kubernetes" { aws_eks_cluster_auth_certificate = module.cluster.aws_eks_cluster_auth_certificate aws_eks_cluster_eks_cluster_id = module.cluster.aws_eks_cluster_eks_cluster_id aws_eks_cluster_eks_cluster_name = module.cluster.aws_eks_cluster_eks_cluster_name + # nlb_sg_id = module.vpc.eks_security_group_id #SG NLB eks_cluster = var.eks_cluster aws_region = var.aws_region hosted_zone = var.hosted_zone diff --git a/terraform/aws/modules/kubernetes/data.tf b/terraform/aws/modules/kubernetes/data.tf index a8e8f45..0b2a88b 100644 --- a/terraform/aws/modules/kubernetes/data.tf +++ b/terraform/aws/modules/kubernetes/data.tf @@ -15,4 +15,5 @@ locals { data "aws_lb" "nginx_load_balancer" { name = local.split_hostname[0] + # count = local.load_balancer_hostname == "" ? 0 : 1 } \ No newline at end of file diff --git a/terraform/aws/modules/kubernetes/main.tf b/terraform/aws/modules/kubernetes/main.tf index cc1c3d8..0e966de 100644 --- a/terraform/aws/modules/kubernetes/main.tf +++ b/terraform/aws/modules/kubernetes/main.tf 
@@ -79,10 +79,33 @@ resource "helm_release" "ingress_nginx" { value = "LoadBalancer" } - # set { - # name = "alb.ingress.kubernetes.io/security-groups" - # value = var.nlb_security_group_id - # } +# set { +# name = "controller.service.ports.http" +# value = 80 +# } +# set { +# name = "controller.service.ports.https" +# value = "443" +# } +# set { +# name = "controller.service.targetPorts.http" +# value = "80" +# } +# set { +# name = "controller.service.targetPorts.https" +# value = "443" +# } + +# #SG NLB +# set { +# name = "service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules" +# value = true +# } + +# set { +# name = "service.beta.kubernetes.io/aws-load-balancer-security-groups" +# value = var.nlb_sg_id +# } depends_on = [var.aws_eks_node_group_eks_node_group] } @@ -166,7 +189,12 @@ resource "helm_release" "cert_manager" { # module "vpc" { # source = "../vpc" -# nlb_security_group_id = module.vpc.nlb_sg_id +# # nlb_security_group_id = module.vpc.nlb_sg_id +# eks_vpc = "" +# eks_internet_gateway = "" +# eks_route_table = "" +# eks_security_group = "" +# nlb_sg_id = var.nlb_sg_id # } diff --git a/terraform/aws/modules/kubernetes/variables.tf b/terraform/aws/modules/kubernetes/variables.tf index 217c69c..9498723 100644 --- a/terraform/aws/modules/kubernetes/variables.tf +++ b/terraform/aws/modules/kubernetes/variables.tf @@ -429,4 +429,4 @@ variable "aws_lb_nginx_load_balancer_zone_id" {} variable "aws_lb_nginx_load_balancer_dns_name" {} -# variable "nlb_security_group_id" {} \ No newline at end of file +# variable "nlb_sg_id" {} #SG NLB \ No newline at end of file diff --git a/terraform/aws/modules/vpc/main.tf b/terraform/aws/modules/vpc/main.tf index fae4a51..5de97a8 100644 --- a/terraform/aws/modules/vpc/main.tf +++ b/terraform/aws/modules/vpc/main.tf 
@@ -70,7 +70,7 @@ resource "aws_security_group_rule" "eks_inbound_rule" { } -# # This security group is for NLB +# # This security group is for NLB SG NLB # resource "aws_security_group" "nlb_security_group" { # vpc_id = aws_vpc.eks_vpc.id diff --git a/terraform/aws/modules/vpc/outputs.tf b/terraform/aws/modules/vpc/outputs.tf index 813b6c2..a4a9b0b 100644 --- a/terraform/aws/modules/vpc/outputs.tf +++ b/terraform/aws/modules/vpc/outputs.tf @@ -6,7 +6,7 @@ output "eks_subnet" { # value = aws_vpc.eks_vpc.id # } -# # NLB Security Group ID +# #NLB Security Group ID SG NLB # output "nlb_sg_id" { # value = aws_security_group.nlb_security_group.id # } diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index 29174e0..b95475a 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -1238,4 +1238,10 @@ variable "aws_lb_nginx_load_balancer_dns_name" { description = "DNS Name of the Nginx Loadbalancer" default = "" type = string -} \ No newline at end of file +} + +# variable "nlb_sg_id" { +# description = "" +# default = "" +# type = string +# } \ No newline at end of file From defcb665191419a82adfc49ef87dec696de9b4f0 Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Tue, 10 Dec 2024 13:28:26 -0700 Subject: [PATCH 10/13] updated for release 6.2.0 --- terraform/aws/README.md | 15 ++++------ terraform/aws/main.tf | 14 ++++----- .../kubernetes/deployments/client/pods.tf | 15 ++++++++++ .../kubernetes/deployments/configmap.tf | 4 +++ .../modules/kubernetes/deployments/pods.tf | 24 +++++++++++++++ terraform/aws/scripts/authn-k8s-cluster.sh | 10 +++++++ .../scripts/restart-3edges-controlplane.sh | 30 +++++++++++++++++++ terraform/aws/variables.tf | 4 +-- 8 files changed, 97 insertions(+), 19 deletions(-) create mode 100755 terraform/aws/scripts/authn-k8s-cluster.sh create mode 100755 terraform/aws/scripts/restart-3edges-controlplane.sh 
diff --git a/terraform/aws/README.md b/terraform/aws/README.md index 5f2b5ca..787d9d2 100644 --- a/terraform/aws/README.md +++ b/terraform/aws/README.md @@ -352,19 +352,14 @@ After a new release of 3Edges, follow these steps to update your deployment. Thi ``` 5. **Authenticate to EKS Cluster** - - Set up the connection to the EKS cluster using the AWS CLI to manage Kubernetes resources. + - Set up the connection to the EKS cluster by executing the following script ```bash - aws eks update-kubeconfig --region --name + /path/to/3edges-deployments/terraform/aws/scripts/authn-k8s-cluster.sh ``` -6. Update ConfigMaps, Secrets, and Restart Deployments - - Use ```kubectl``` commands to update ConfigMaps and Secrets with the latest values, and restart any deployments that have been updated. - ```bash - kubectl rollout restart deployment/ -n 3edges - ``` - -7. Monitor the deployment to ensure that all pods are successfully running, confirming a stable and operational environment. +6. Restart the Deployments and ensure the pods are running successfully ```bash - kubectl get all -n 3edges + /path/to/3edges-deployments/terraform/aws/scripts/restart-3edges-controlplane.sh ``` + diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index fa4499d..0630d22 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf 
@@ -38,13 +38,13 @@ module "cluster" { } module "kubernetes" { - source = "./modules/kubernetes" - aws_eks_cluster_auth_token = module.cluster.aws_eks_cluster_auth_token - aws_eks_cluster_auth_endpoint = module.cluster.aws_eks_cluster_auth_endpoint - aws_eks_node_group_eks_node_group = module.cluster.aws_eks_node_group_eks_node_group - aws_eks_cluster_auth_certificate = module.cluster.aws_eks_cluster_auth_certificate - aws_eks_cluster_eks_cluster_id = module.cluster.aws_eks_cluster_eks_cluster_id - aws_eks_cluster_eks_cluster_name = module.cluster.aws_eks_cluster_eks_cluster_name + source = "./modules/kubernetes" + aws_eks_cluster_auth_token = module.cluster.aws_eks_cluster_auth_token + aws_eks_cluster_auth_endpoint = module.cluster.aws_eks_cluster_auth_endpoint + aws_eks_node_group_eks_node_group = module.cluster.aws_eks_node_group_eks_node_group + aws_eks_cluster_auth_certificate = module.cluster.aws_eks_cluster_auth_certificate + aws_eks_cluster_eks_cluster_id = module.cluster.aws_eks_cluster_eks_cluster_id + aws_eks_cluster_eks_cluster_name = module.cluster.aws_eks_cluster_eks_cluster_name # nlb_sg_id = module.vpc.eks_security_group_id #SG NLB eks_cluster = var.eks_cluster aws_region = var.aws_region diff --git a/terraform/aws/modules/kubernetes/deployments/client/pods.tf b/terraform/aws/modules/kubernetes/deployments/client/pods.tf index ddf4348..586837b 100644 --- a/terraform/aws/modules/kubernetes/deployments/client/pods.tf +++ b/terraform/aws/modules/kubernetes/deployments/client/pods.tf @@ -2,6 +2,9 @@ resource "kubernetes_deployment" "deployment_dataproxy" { metadata { name = "${local.api_name}-proxy" namespace = "3edges" + labels = { + type = "3edges_client_api" + } } spec { @@ -63,6 +66,9 @@ resource "kubernetes_deployment" "deployment_authorization" { metadata { name = "${local.api_name}-authz" namespace = "3edges" + labels = { + type = "3edges_client_api" + } } spec { 
@@ -125,6 +131,9 @@ resource "kubernetes_deployment" "deployment_authorization_csp" { metadata { name = "${local.api_name}-authz-csp" namespace = "3edges" + labels = { + type = "3edges_client_api" + } } spec { @@ -186,6 +195,9 @@ resource "kubernetes_deployment" "deployment_dashboard" { metadata { name = "${local.api_name}-dashboard" namespace = "3edges" + labels = { + type = "3edges_client_api" + } } spec { @@ -249,6 +261,9 @@ resource "kubernetes_deployment" "deployment_client_idp" { metadata { name = "${local.api_name}-idp" namespace = "3edges" + labels = { + type = "3edges_client_api" + } } spec { diff --git a/terraform/aws/modules/kubernetes/deployments/configmap.tf b/terraform/aws/modules/kubernetes/deployments/configmap.tf index c76506d..2195e66 100644 --- a/terraform/aws/modules/kubernetes/deployments/configmap.tf +++ b/terraform/aws/modules/kubernetes/deployments/configmap.tf @@ -162,6 +162,10 @@ resource "kubernetes_config_map" "cluster_config" { API_NAME = local.api_name hostedZoneID = var.aws_route53_zone_hosted_zone_id DOMAIN = var.hosted_zone + REPO_PROD = "indykite" + TAG_PROD = "latest" + REPO_QA = "us-docker.pkg.dev/edges-305901/gcr.io" + TAG_QA = "qa" } diff --git a/terraform/aws/modules/kubernetes/deployments/pods.tf b/terraform/aws/modules/kubernetes/deployments/pods.tf index a81026d..62e4783 100644 --- a/terraform/aws/modules/kubernetes/deployments/pods.tf +++ b/terraform/aws/modules/kubernetes/deployments/pods.tf @@ -2,6 +2,9 @@ resource "kubernetes_deployment" "deployment_configuration" { metadata { name = "configuration" namespace = "3edges" + labels = { + type = "3edges_control_plane" + } } spec { @@ -17,6 +20,7 @@ resource "kubernetes_deployment" "deployment_configuration" { metadata { labels = { app = "configuration" + type = "3edges_control_plane" } } 
@@ -49,6 +53,9 @@ resource "kubernetes_deployment" "deployment_dataloader_ui" { metadata { name = "dataloader-ui" namespace = "3edges" + labels = { + type = "3edges_control_plane" + } } spec { @@ -64,6 +71,7 @@ resource "kubernetes_deployment" "deployment_dataloader_ui" { metadata { labels = { app = "dataloader-ui" + type = "3edges_control_plane" } } @@ -90,6 +98,9 @@ resource "kubernetes_deployment" "deployment_dataloader" { metadata { name = "dataloader" namespace = "3edges" + labels = { + type = "3edges_control_plane" + } } spec { @@ -105,6 +116,7 @@ resource "kubernetes_deployment" "deployment_dataloader" { metadata { labels = { app = "dataloader" + type = "3edges_control_plane" } } @@ -137,6 +149,9 @@ resource "kubernetes_deployment" "deployment_cluster" { metadata { name = "cluster" namespace = "3edges" + labels = { + type = "3edges_control_plane" + } } spec { @@ -152,6 +167,7 @@ resource "kubernetes_deployment" "deployment_cluster" { metadata { labels = { app = "cluster" + type = "3edges_control_plane" } } @@ -185,6 +201,9 @@ resource "kubernetes_deployment" "deployment_idp" { metadata { name = "idp" namespace = "3edges" + labels = { + type = "3edges_control_plane" + } } spec { @@ -200,6 +219,7 @@ resource "kubernetes_deployment" "deployment_idp" { metadata { labels = { app = "idp" + type = "3edges_control_plane" } } @@ -232,6 +252,9 @@ resource "kubernetes_deployment" "deployment_ui" { metadata { name = "ui" namespace = "3edges" + labels = { + type = "3edges_control_plane" + } } spec { @@ -247,6 +270,7 @@ resource "kubernetes_deployment" "deployment_ui" { metadata { labels = { app = "ui" + type = "3edges_control_plane" } } diff --git a/terraform/aws/scripts/authn-k8s-cluster.sh b/terraform/aws/scripts/authn-k8s-cluster.sh new file mode 100755 index 0000000..b2c279b --- /dev/null +++ b/terraform/aws/scripts/authn-k8s-cluster.sh 
@@ -0,0 +1,10 @@ +# Prompt the user for the region +read -p "Enter the AWS region (e.g., us-east-1): " region + +# Prompt the user for the cluster name +read -p "Enter the EKS cluster name: " cluster_name + +# Run the AWS CLI command to update the kubeconfig +aws eks update-kubeconfig --region "$region" --name "$cluster_name" + +# echo -ne "\nKubeconfig updated for cluster '$cluster_name' in region '$region'." \ No newline at end of file diff --git a/terraform/aws/scripts/restart-3edges-controlplane.sh b/terraform/aws/scripts/restart-3edges-controlplane.sh new file mode 100755 index 0000000..7079fdb --- /dev/null +++ b/terraform/aws/scripts/restart-3edges-controlplane.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# Restart the Deployment in the "3edges" namespace where the label "type=3edges_control_plane" matches. +kubectl rollout restart deployment --selector="type=3edges_control_plane" -n 3edges + +echo -ne "\n" + +# Function to display the message and progress bar +progress_bar_with_message() { + local progress=$1 + local total=50 # Total width of the progress bar + local completed=$((progress * total / 100)) + local remaining=$((total - completed)) + + # Print the message with the progress bar on the same line + printf "\rRestarting the 3Edges control plane. PLEASE WAIT [%-${total}s] %d%%" "$(printf '#%.0s' $(seq 1 $completed))" "$progress" +} + +# Main script +# Simulate a task with progress updates +for i in {1..100}; do + progress_bar_with_message $i # Update the progress bar + sleep 0.1 # Simulate work +done + +# Move to the next line after the progress bar completes +echo -e "\n" + +# Get the list of Pods in the "3edges" namespace with the label "type=3edges_control_plane". +kubectl get pods --selector="type=3edges_control_plane" -n 3edges \ No newline at end of file diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index b95475a..ab68582 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf 
@@ -800,7 +800,7 @@ variable "idp_config_CLAIMS_ARRAY" { variable "idp_config_OIDC_ACCESS_TOKEN_EXPIRE" { description = "Expiration time of the OIDC access token in hours." type = string - default = "24" + default = "3600" } variable "idp_config_CONTENT_SECURITY_POLICY" { @@ -962,7 +962,7 @@ variable "idp_config_PRIM_UI_CLIENT_ID" { variable "idp_config_OIDC_REFRESH_TOKEN_EXPIRE" { description = "Expiration time of the OIDC refresh token in hours." type = string - default = "24" + default = "3600" } variable "idp_config_CONFIG_URL" { From 6cb29f450f0c1b2bd35fb6fc560ed25c80c3d77e Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Wed, 18 Dec 2024 10:00:48 -0700 Subject: [PATCH 11/13] removed the redundant sg --- terraform/aws/modules/cluster/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/aws/modules/cluster/main.tf b/terraform/aws/modules/cluster/main.tf index 7c0a050..0838f97 100644 --- a/terraform/aws/modules/cluster/main.tf +++ b/terraform/aws/modules/cluster/main.tf @@ -4,7 +4,6 @@ resource "aws_eks_cluster" "eks_cluster" { vpc_config { subnet_ids = var.eks_subnet[*].id - security_group_ids = [var.eks_security_group_id] } timeouts { From f1a683fe5141843df30dbdecba540059f8fcc9fa Mon Sep 17 00:00:00 2001 From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Wed, 18 Dec 2024 10:20:00 -0700 Subject: [PATCH 12/13] removed commented code --- terraform/aws/main.tf | 1 - terraform/aws/modules/cluster/main.tf | 11 ----- terraform/aws/modules/kubernetes/data.tf | 1 - .../deployments/client/api_route53.tf | 10 ----- terraform/aws/modules/kubernetes/main.tf | 44 ------------------- terraform/aws/modules/kubernetes/variables.tf | 5 --- terraform/aws/modules/vpc/main.tf | 27 ------------ terraform/aws/modules/vpc/outputs.tf | 10 ----- terraform/aws/outputs.tf | 27 ------------ terraform/aws/scripts/authn-k8s-cluster.sh | 2 - terraform/aws/variables.tf | 6 --- 11 files changed, 144 deletions(-) 
diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 0630d22..e255346 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -45,7 +45,6 @@ module "kubernetes" { aws_eks_cluster_auth_certificate = module.cluster.aws_eks_cluster_auth_certificate aws_eks_cluster_eks_cluster_id = module.cluster.aws_eks_cluster_eks_cluster_id aws_eks_cluster_eks_cluster_name = module.cluster.aws_eks_cluster_eks_cluster_name - # nlb_sg_id = module.vpc.eks_security_group_id #SG NLB eks_cluster = var.eks_cluster aws_region = var.aws_region hosted_zone = var.hosted_zone diff --git a/terraform/aws/modules/cluster/main.tf b/terraform/aws/modules/cluster/main.tf index 0838f97..9629230 100644 --- a/terraform/aws/modules/cluster/main.tf +++ b/terraform/aws/modules/cluster/main.tf @@ -50,9 +50,6 @@ resource "aws_eks_node_group" "eks_node_group" { resource "aws_eks_addon" "vpc_cni" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "vpc-cni" - # addon_version = data.aws_eks_addon_version.latest.version - # addon_version = "v1.18.1-eksbuild.3" - # addon_version = "v1.18.5-eksbuild.1" depends_on = [ aws_eks_cluster.eks_cluster, @@ -63,9 +60,6 @@ resource "aws_eks_addon" "vpc_cni" { resource "aws_eks_addon" "kube_proxy" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "kube-proxy" - # addon_version = data.aws_eks_addon_version.latest.version - # addon_version = "v1.30.0-eksbuild.3" - # addon_version = "v1.31.0-eksbuild.5" depends_on = [ aws_eks_addon.vpc_cni, @@ -77,8 +71,6 @@ resource "aws_eks_addon" "kube_proxy" { resource "aws_eks_addon" "eks_pod_identity" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "eks-pod-identity-agent" - # addon_version = data.aws_eks_addon_version.latest.version - # addon_version = "v1.3.0-eksbuild.1" depends_on = [ aws_eks_addon.kube_proxy, 
@@ -90,9 +82,6 @@ resource "aws_eks_addon" "eks_pod_identity" { resource "aws_eks_addon" "coredns" { cluster_name = aws_eks_cluster.eks_cluster.name addon_name = "coredns" - # addon_version = data.aws_eks_addon_version.latest.version - # addon_version = "v1.11.1-eksbuild.9" - # addon_version = "v1.11.3-eksbuild.1" depends_on = [ aws_eks_addon.eks_pod_identity, diff --git a/terraform/aws/modules/kubernetes/data.tf b/terraform/aws/modules/kubernetes/data.tf index 0b2a88b..a8e8f45 100644 --- a/terraform/aws/modules/kubernetes/data.tf +++ b/terraform/aws/modules/kubernetes/data.tf @@ -15,5 +15,4 @@ locals { data "aws_lb" "nginx_load_balancer" { name = local.split_hostname[0] - # count = local.load_balancer_hostname == "" ? 0 : 1 } \ No newline at end of file diff --git a/terraform/aws/modules/kubernetes/deployments/client/api_route53.tf b/terraform/aws/modules/kubernetes/deployments/client/api_route53.tf index d2db5a9..1406981 100644 --- a/terraform/aws/modules/kubernetes/deployments/client/api_route53.tf +++ b/terraform/aws/modules/kubernetes/deployments/client/api_route53.tf @@ -3,9 +3,6 @@ locals { domain_parts = split(".", var.hosted_zone) root_domain = length(local.domain_parts) > 2 ? join(".", slice(local.domain_parts, length(local.domain_parts) - 2, length(local.domain_parts))) : var.hosted_zone - # Condition to determine if the hosted zone is a root domain or not - # For example, check if the hosted zone is equal to root_domain -# is_root_domain = var.hosted_zone == local.root_domain } # Look up the existing hosted zone for the parent domain 
@@ -14,16 +11,9 @@ data "aws_route53_zone" "parent_domain" { private_zone = false } -# # Conditionally create a new hosted zone if the parent domain doesn't exist -# resource "aws_route53_zone" "hosted_zone" { -# # count = length(data.aws_route53_zone.parent_domain.id != "" ? [] : [1]) # Only create if not found -# count = length(data.aws_route53_zone.parent_domain) == 0 ? 1 : 0 # Only create if not found -# name = local.root_domain -# } # Use the correct zone ID (either existing or newly created) locals { - # zone_id = length(data.aws_route53_zone.parent_domain) > 0 ? data.aws_route53_zone.parent_domain[0].zone_id : aws_route53_zone.hosted_zone[0].id zone_id = data.aws_route53_zone.parent_domain.zone_id } diff --git a/terraform/aws/modules/kubernetes/main.tf b/terraform/aws/modules/kubernetes/main.tf index 0e966de..d4e99b9 100644 --- a/terraform/aws/modules/kubernetes/main.tf +++ b/terraform/aws/modules/kubernetes/main.tf @@ -79,34 +79,6 @@ resource "helm_release" "ingress_nginx" { value = "LoadBalancer" } -# set { -# name = "controller.service.ports.http" -# value = 80 -# } -# set { -# name = "controller.service.ports.https" -# value = "443" -# } -# set { -# name = "controller.service.targetPorts.http" -# value = "80" -# } -# set { -# name = "controller.service.targetPorts.https" -# value = "443" -# } - -# #SG NLB -# set { -# name = "service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules" -# value = true -# } - -# set { -# name = "service.beta.kubernetes.io/aws-load-balancer-security-groups" -# value = var.nlb_sg_id -# } - depends_on = [var.aws_eks_node_group_eks_node_group] } 
@@ -130,16 +102,10 @@ data "aws_route53_zone" "parent_domain" { # Conditionally create a new hosted zone if the parent domain doesn't exist resource "aws_route53_zone" "hosted_zone" { - # count = length(data.aws_route53_zone.parent_domain.id != "" ? [] : [1]) # Only create if not found count = length(data.aws_route53_zone.parent_domain) == 0 ? 1 : 0 # Only create if not found name = local.root_domain } -# Use the correct zone ID (either existing or newly created) -# locals { -# zone_id = data.aws_route53_zone.parent_domain.id != "" ? data.aws_route53_zone.parent_domain.zone_id : aws_route53_zone.hosted_zone[0].id -# } - locals { zone_id = length(data.aws_route53_zone.parent_domain) > 0 ? data.aws_route53_zone.parent_domain[0].zone_id : aws_route53_zone.hosted_zone[0].id } @@ -187,16 +153,6 @@ resource "helm_release" "cert_manager" { depends_on = [helm_release.ingress_nginx, kubernetes_namespace.cert_manager_namespace] } -# module "vpc" { -# source = "../vpc" -# # nlb_security_group_id = module.vpc.nlb_sg_id -# eks_vpc = "" -# eks_internet_gateway = "" -# eks_route_table = "" -# eks_security_group = "" -# nlb_sg_id = var.nlb_sg_id -# } - module "deployments" { source = "./deployments" diff --git a/terraform/aws/modules/kubernetes/variables.tf b/terraform/aws/modules/kubernetes/variables.tf index 9498723..75dde66 100644 --- a/terraform/aws/modules/kubernetes/variables.tf +++ b/terraform/aws/modules/kubernetes/variables.tf @@ -254,9 +254,6 @@ variable "cluster_secret_SESSION_PIPELINE" {} variable "cluster_secret_TOKEN_PIPELINE" {} -# variable "aws_route53_zone_hosted_zone_id" {} - - variable "idp_config_NODE_ENV" {} variable "idp_config_OIDC_PORT" {} @@ -428,5 +425,3 @@ variable "client_key_file" {} variable "aws_lb_nginx_load_balancer_zone_id" {} variable "aws_lb_nginx_load_balancer_dns_name" {} - -# variable "nlb_sg_id" {} #SG NLB \ No newline at end of file 
diff --git a/terraform/aws/modules/vpc/main.tf b/terraform/aws/modules/vpc/main.tf index 5de97a8..5a0977f 100644 --- a/terraform/aws/modules/vpc/main.tf +++ b/terraform/aws/modules/vpc/main.tf @@ -69,30 +69,3 @@ resource "aws_security_group_rule" "eks_inbound_rule" { security_group_id = aws_security_group.eks_security_group.id } - -# # This security group is for NLB SG NLB -# resource "aws_security_group" "nlb_security_group" { -# vpc_id = aws_vpc.eks_vpc.id - -# egress { -# from_port = 0 -# to_port = 0 -# protocol = "-1" -# cidr_blocks = ["0.0.0.0/0"] -# } - -# tags = { -# # Name = var.eks_security_group -# Name = "NLB security group" -# } -# } - -# resource "aws_security_group_rule" "nlb_inbound_rule" { -# type = "ingress" -# from_port = 443 -# to_port = 443 -# protocol = "tcp" -# cidr_blocks = ["0.0.0.0/0"] - -# security_group_id = aws_security_group.nlb_security_group.id -# } \ No newline at end of file diff --git a/terraform/aws/modules/vpc/outputs.tf b/terraform/aws/modules/vpc/outputs.tf index a4a9b0b..7a1e59a 100644 --- a/terraform/aws/modules/vpc/outputs.tf +++ b/terraform/aws/modules/vpc/outputs.tf @@ -2,16 +2,6 @@ output "eks_subnet" { value = tolist(aws_subnet.eks_subnet) } -# output "vpc_id" { -# value = aws_vpc.eks_vpc.id -# } - -# #NLB Security Group ID SG NLB -# output "nlb_sg_id" { -# value = aws_security_group.nlb_security_group.id -# } - - output "eks_security_group_id" { value = aws_security_group.eks_security_group.id } \ No newline at end of file diff --git a/terraform/aws/outputs.tf b/terraform/aws/outputs.tf index 16cc03d..2dea373 100644 --- a/terraform/aws/outputs.tf +++ b/terraform/aws/outputs.tf 
@@ -1,34 +1,7 @@ -# output "oidc_provider_url" { -# value = module.cluster.aws_eks_cluster_eks_cluster_identity[0].oidc[0].issuer -# } - -# output "oidc_provider_audience" { -# value = "sts.amazonaws.com" -# } - -# output "cluster_config_NGINX_LB" { -# value = module.kubernetes.aws_lb_nginx_load_balancer["dns_name"] -# } - -# local values -# output "configuration_config_CLUSTER_URL" { -# value = local.configuration_config_CLUSTER_URL -# } - -# output "n_client_secret" { -# value = module.cypher.docker_n_client_secret -# } - output "DOMAIN_URL" { value = "https://${var.hosted_zone}" } - -# output "api_authz_url" { -# value = module.kubernetes. - -# } - output "API_SERVICE_URL" { value = var.manual_api_deployment ? "https://${module.kubernetes.dataproxy_url}" : "NO MANUAL API DEPLOYMENTS FOUND" } diff --git a/terraform/aws/scripts/authn-k8s-cluster.sh b/terraform/aws/scripts/authn-k8s-cluster.sh index b2c279b..0da3543 100755 --- a/terraform/aws/scripts/authn-k8s-cluster.sh +++ b/terraform/aws/scripts/authn-k8s-cluster.sh @@ -6,5 +6,3 @@ read -p "Enter the EKS cluster name: " cluster_name # Run the AWS CLI command to update the kubeconfig aws eks update-kubeconfig --region "$region" --name "$cluster_name" - -# echo -ne "\nKubeconfig updated for cluster '$cluster_name' in region '$region'." \ No newline at end of file diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index ab68582..8aa1c98 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -1239,9 +1239,3 @@ variable "aws_lb_nginx_load_balancer_dns_name" { default = "" type = string } - -# variable "nlb_sg_id" { -# description = "" -# default = "" -# type = string -# } \ No newline at end of file From 2757d5ecb887b0adf3060617ab3975eaad0ce2f2 Mon Sep 17 00:00:00 2001 
From: prajwaliam <140848730+prajwaliam@users.noreply.github.com> Date: Wed, 18 Dec 2024 10:21:26 -0700 Subject: [PATCH 13/13] format the tf files --- terraform/aws/main.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index e255346..6544c87 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -38,13 +38,13 @@ module "cluster" { } module "kubernetes" { - source = "./modules/kubernetes" - aws_eks_cluster_auth_token = module.cluster.aws_eks_cluster_auth_token - aws_eks_cluster_auth_endpoint = module.cluster.aws_eks_cluster_auth_endpoint - aws_eks_node_group_eks_node_group = module.cluster.aws_eks_node_group_eks_node_group - aws_eks_cluster_auth_certificate = module.cluster.aws_eks_cluster_auth_certificate - aws_eks_cluster_eks_cluster_id = module.cluster.aws_eks_cluster_eks_cluster_id - aws_eks_cluster_eks_cluster_name = module.cluster.aws_eks_cluster_eks_cluster_name + source = "./modules/kubernetes" + aws_eks_cluster_auth_token = module.cluster.aws_eks_cluster_auth_token + aws_eks_cluster_auth_endpoint = module.cluster.aws_eks_cluster_auth_endpoint + aws_eks_node_group_eks_node_group = module.cluster.aws_eks_node_group_eks_node_group + aws_eks_cluster_auth_certificate = module.cluster.aws_eks_cluster_auth_certificate + aws_eks_cluster_eks_cluster_id = module.cluster.aws_eks_cluster_eks_cluster_id + aws_eks_cluster_eks_cluster_name = module.cluster.aws_eks_cluster_eks_cluster_name eks_cluster = var.eks_cluster aws_region = var.aws_region hosted_zone = var.hosted_zone
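
Review bot: In terraform/aws/README.md (hunk at -352,19), the rewritten step 6 drops the instruction to update ConfigMaps and Secrets before restarting, so an operator following the post-release steps no longer learns that changed values must be applied before the rollout. Either keep a short step for that or state that the restart script covers it. `/path/to/3edges-deployments/` is also a placeholder the reader has to resolve; a path relative to the cloned repository would be clearer. Because the new authentication step is interactive only, consider keeping the `aws eks update-kubeconfig` form as an alternative for automated runs.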
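
Review bot: In terraform/aws/modules/kubernetes/deployments/client/pods.tf, the five hunks add `type = "3edges_client_api"` only to each Deployment's top-level `metadata`, while modules/kubernetes/deployments/pods.tf in the same patch adds `type = "3edges_control_plane"` to both the Deployment metadata and the pod template labels. A pod query such as `kubectl get pods --selector="type=3edges_client_api" -n 3edges` will therefore return nothing for the client API pods. Add the label to the pod template metadata of the five client deployments as well, or note why the two sets are labelled differently.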
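
Review bot: In terraform/aws/modules/kubernetes/deployments/configmap.tf (hunk at -162,6), `TAG_PROD = "latest"` and `TAG_QA = "qa"` are mutable tags, so the image a deployment pulls can change without any change in this repository and a rollback cannot be reproduced from state. Pin production to a release tag or digest. The registry locations `"indykite"` and `"us-docker.pkg.dev/edges-305901/gcr.io"` are hard-coded in the `cluster_config` ConfigMap; expose all four values as variables with these as defaults so they can be overridden in `terraform.tfvars`.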
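
Review bot: The new file terraform/aws/scripts/authn-k8s-cluster.sh is created with mode 100755 but has no `#!/bin/bash` line, and `read -p` is a bash feature, so the script's behaviour depends on which shell happens to run it. Add the shebang as restart-3edges-controlplane.sh does. Both prompts also accept empty input, which reaches `aws eks update-kubeconfig --region "$region" --name "$cluster_name"` as empty arguments; use `read -r`, reject empty values before calling the CLI, and exit non-zero when the CLI call fails.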
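
Review bot: In the new file terraform/aws/scripts/restart-3edges-controlplane.sh, the progress bar is a fixed timer (100 iterations of `sleep 0.1`, about ten seconds) that is not tied to the rollout, so it reports 100% whether or not the new pods are ready, and the final `kubectl get pods` only prints state without failing on unhealthy pods. The README now tells operators this script ensures the pods are running successfully. Replace the simulated loop with `kubectl rollout status` and a `--timeout` for the restarted deployments, and stop the script when `kubectl rollout restart` returns an error. The script also restarts only `type=3edges_control_plane`; if the deployments labelled `3edges_client_api` need a restart after a release, that needs its own script or a documented step.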
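
Review bot: In terraform/aws/variables.tf (hunks at -800,7 and -962,7), the defaults for `idp_config_OIDC_ACCESS_TOKEN_EXPIRE` and `idp_config_OIDC_REFRESH_TOKEN_EXPIRE` change from "24" to "3600" while both descriptions still say the value is in hours. Read as documented, that is 3600 hours (150 days) of token lifetime for both the access and the refresh token. If the IdP consumes seconds, update both descriptions to say so; if it really consumes hours, this default should be reverted. Either way the unit needs to be confirmed against the consumer before merging, since it sets how long a leaked token stays valid.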
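
Review bot: In PATCH 11/13, terraform/aws/modules/cluster/main.tf, removing `security_group_ids = [var.eks_security_group_id]` from `vpc_config` detaches the security group from the cluster, but the commit message does not say what makes it redundant. The context lines of the following patch show that modules/vpc still defines `aws_security_group_rule.eks_inbound_rule` and the `eks_security_group_id` output, so the group and its ingress rule keep existing while nothing in the cluster's `vpc_config` references them. State in the commit message which security group now governs access to the cluster (EKS creates its own cluster security group when none is supplied), and remove the group, rule, output and `var.eks_security_group_id` if they are no longer consumed anywhere.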
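
Review bot: In PATCH 12/13, terraform/aws/modules/cluster/main.tf, deleting the commented `addon_version` lines from `vpc_cni`, `kube_proxy`, `eks_pod_identity` and `coredns` removes the only record of which add-on versions were tried, and the visible lines of these four resources set no `addon_version` at all. If the versions are meant to float, say so in a comment; otherwise carry the tested versions in variables so an apply does not pick up a different add-on build than the one that was validated.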
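
Review bot: In PATCH 12/13, terraform/aws/modules/kubernetes/deployments/client/api_route53.tf (hunk at -14,16), the comment `# Use the correct zone ID (either existing or newly created)` is kept although the only remaining assignment is `zone_id = data.aws_route53_zone.parent_domain.zone_id`, which can only refer to an existing zone. Update the comment to match, and note that this module now requires the parent hosted zone to exist before apply.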